I got scammed on the phone, ya I fell for it [Closed]



#1
jjam04

I would like to thank anyone who helps me with this, but I'm looking for an expert; my computer is my life and I haven't restarted it since they did things to my baby.

OTL logfile created on: 1/29/2014 1:33:39 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = G:\
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 65.68% Memory free
6.00 Gb Paging File | 4.79 Gb Available in Paging File | 79.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.83 Gb Total Space | 147.62 Gb Free Space | 66.85% Space Free | Partition Type: NTFS
Drive D: | 11.96 Gb Total Space | 5.13 Gb Free Space | 42.94% Space Free | Partition Type: NTFS
Drive G: | 960.81 Mb Total Space | 952.93 Mb Free Space | 99.18% Space Free | Partition Type: FAT32

Computer Name: JASON-PC2 | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/23 16:11:07 | 000,739,608 | ---- | M] () -- C:\Users\Jason\Downloads\AA_v3.exe
PRC - [2014/01/19 15:27:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2013/08/09 19:02:12 | 001,678,040 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\BtwRSupportService.exe
PRC - [2013/05/16 09:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/16 09:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 09:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/15 12:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/22 19:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/11/03 16:41:16 | 000,329,072 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
PRC - [2011/11/03 15:47:36 | 000,243,056 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
PRC - [2011/08/04 12:37:56 | 000,140,656 | ---- | M] (Sierra Wireless Inc.) -- C:\Program Files\Rogers\Rogers Connection Manager\WaHelper.exe
PRC - [2011/06/16 13:40:20 | 000,167,280 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files\Sierra Wireless Inc\IERA\IERA.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/10/28 14:26:44 | 001,196,032 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCcUxSys.exe
PRC - [2010/10/28 14:21:56 | 000,331,776 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCtrlCntr.exe
PRC - [2010/06/10 12:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/03/08 23:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\pptd40nt.exe
PRC - [2010/03/08 23:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/05 19:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009/07/13 18:14:17 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dinotify.exe
PRC - [2009/06/25 21:48:44 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/06/25 21:48:16 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/05/05 15:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2009/05/05 15:06:02 | 001,152,288 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\agent.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/16 09:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013/05/16 09:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 09:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013/04/21 20:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 20:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/11/03 16:39:14 | 000,251,248 | ---- | M] () -- C:\Program Files\Sierra Wireless Inc\WebUpdater\WebUpdtAPI.dll
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/12/11 02:08:35 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/09 19:02:12 | 001,678,040 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Windows\System32\BtwRSupportService.exe -- (BcmBtRSupport)
SRV - [2013/07/19 19:46:21 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/05/26 21:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/11/03 15:47:36 | 000,243,056 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe -- (SwiCardDetectSvc)
SRV - [2011/06/16 13:40:20 | 000,167,280 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files\Sierra Wireless Inc\IERA\IERA.exe -- (IERA)
SRV - [2010/03/08 23:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/06/25 21:48:16 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/04/29 02:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmci.sys -- (vmci)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SWUMX20)
DRV - [2013/08/09 19:02:12 | 000,174,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcbtums.sys -- (bcbtums)
DRV - [2013/04/04 13:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/23 07:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 07:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/08/23 07:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011/05/28 11:45:08 | 000,237,568 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8ua3.sys -- (SWNC8UA3)
DRV - [2011/05/16 11:44:17 | 000,083,968 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swiwdmbx.sys -- (swiwdmbx)
DRV - [2011/05/13 13:53:00 | 000,215,552 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swg3kser00.sys -- (swg3kser00)
DRV - [2010/11/20 14:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 14:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 14:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 14:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 14:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 14:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 14:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/01/26 19:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009/11/02 20:06:12 | 000,011,520 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV - [2009/11/02 20:06:11 | 000,071,424 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2009/07/13 15:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/06/25 22:23:46 | 004,993,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/04/29 02:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2007/10/30 11:41:44 | 000,704,000 | ---- | M] (Keyspan) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USA19H2k.sys -- (USA19H)
DRV - [2007/05/29 15:32:56 | 000,024,192 | ---- | M] (Keyspan) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USA19H2kp.sys -- (USA19H2KP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {B24864FB-99FC-4028-89CF-186CD37D2CF7}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1489219213-3380654759-245415699-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKU\S-1-5-21-1489219213-3380654759-245415699-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1489219213-3380654759-245415699-1000\..\SearchScopes,DefaultScope = {B24864FB-99FC-4028-89CF-186CD37D2CF7}
IE - HKU\S-1-5-21-1489219213-3380654759-245415699-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-1489219213-3380654759-245415699-1000\..\SearchScopes\{8B665307-47CE-44A5-88B3-67D7B300AD97}: "URL" = http://search.condui...3285981338&UM=2
IE - HKU\S-1-5-21-1489219213-3380654759-245415699-1000\..\SearchScopes\{B24864FB-99FC-4028-89CF-186CD37D2CF7}: "URL" = http://search.condui...3637483189&UM=2
IE - HKU\S-1-5-21-1489219213-3380654759-245415699-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1489219213-3380654759-245415699-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1489219213-3380654759-245415699-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Torntv V6.0 = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmilhmcinpmpohfoiccaplbhgelbnim\1.26.48_0\crossrider
CHR - Extension: Torntv V6.0 = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmilhmcinpmpohfoiccaplbhgelbnim\1.26.48_0\
CHR - Extension: Google Docs = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: FVD Downloader = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.6_0\
CHR - Extension: FVD Downloader = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.6_0\modules\clickberry\_
CHR - Extension: Google Wallet = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/01/12 00:42:35 | 000,450,639 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 15467 more lines...
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe File not found
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [TRUUpdater] C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.)
O4 - HKLM..\Run: [VDownloader] C:\Program Files\VDownloader\VDownloader.exe (Vitzo)
O4 - HKLM..\Run: [WatcherHelper] C:\Program files\Rogers\Rogers Connection Manager\WaHelper.exe (Sierra Wireless Inc.)
O4 - HKU\S-1-5-21-1489219213-3380654759-245415699-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-1489219213-3380654759-245415699-1000..\Run: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe File not found
O4 - HKU\S-1-5-21-1489219213-3380654759-245415699-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [123_16278002084663] C:\Users\Jason\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp_r.bat ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{193DFE1A-DF8D-4F13-946A-02E995EE8D15}: NameServer = 64.71.255.254 64.71.255.253
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/01 11:52:22 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{1866b84e-19db-11e3-9cca-001f3bab84fb}\Shell - "" = AutoRun
O33 - MountPoints2\{1866b84e-19db-11e3-9cca-001f3bab84fb}\Shell\AutoRun\command - "" = I:\HPLauncher.exe
O33 - MountPoints2\{5d181d86-1505-11e3-9561-001fe1fe84f7}\Shell - "" = AutoRun
O33 - MountPoints2\{5d181d86-1505-11e3-9561-001fe1fe84f7}\Shell\AutoRun\command - "" = G:\WIN\setup.exe -ap
O33 - MountPoints2\{a70fe50e-6e70-11e3-a3cf-001f3bab84fb}\Shell - "" = AutoRun
O33 - MountPoints2\{a70fe50e-6e70-11e3-a3cf-001f3bab84fb}\Shell\AutoRun\command - "" = G:\WIN\setup.exe -ap
O33 - MountPoints2\{d2b1e541-2a9e-11e3-b64d-001f3bab84fb}\Shell - "" = AutoRun
O33 - MountPoints2\{d2b1e541-2a9e-11e3-b64d-001f3bab84fb}\Shell\AutoRun\command - "" = I:\HPLauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/23 16:18:43 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\LogMeIn Rescue Applet
[2014/01/23 16:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AMMYY
[2014/01/19 12:21:44 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Sony Vaio PCG-C1X
[2014/01/14 12:03:30 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Otafest 2009
[2014/01/10 14:26:45 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\3D printer
[2014/01/08 00:29:38 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\67 Mustang
[2014/01/06 12:18:53 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Volt
[2014/01/06 11:16:18 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\vw xl1
[2014/01/06 11:01:59 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Audi
[2014/01/06 10:51:14 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Road Warrior
[2014/01/05 17:03:02 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\EPS Patrol Cars
[2014/01/05 16:33:49 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\line art cars
[2014/01/05 16:11:10 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Dark Star Games
[2014/01/05 16:07:08 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\crown Vicy
[2014/01/05 15:39:22 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Chev
[2014/01/03 20:46:45 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Ford customs
[2014/01/03 20:44:26 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Old Hwy trucks
[2014/01/03 20:20:18 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Knott's Berry Farm

========== Files - Modified Within 30 Days ==========

[2014/01/29 01:36:00 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\MySearchDial.job
[2014/01/29 01:31:50 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/29 01:31:18 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/29 01:31:16 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/29 01:31:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/23 13:10:43 | 000,021,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/23 13:10:43 | 000,021,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/23 13:09:12 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/01/23 13:09:12 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/01/23 13:03:13 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/14 10:41:51 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2014/01/14 10:41:50 | 000,000,088 | RHS- | M] () -- C:\ProgramData\BC0189C886.sys
[2014/01/12 00:42:35 | 000,450,639 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/01/12 00:42:09 | 000,450,639 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140112-004235.backup
[2014/01/12 00:41:46 | 000,450,639 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140112-004209.backup

========== Files Created - No Company Name ==========

[2014/01/14 11:57:14 | 004,844,544 | ---- | C] () -- C:\Users\Jason\Documents\Sleepwalk-1.pps
[2014/01/14 11:57:14 | 002,831,872 | ---- | C] () -- C:\Users\Jason\Documents\OldAmerica.pps
[2013/12/26 12:47:55 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2013/12/18 11:03:38 | 000,000,218 | ---- | C] () -- C:\Users\Jason\AppData\Local\recently-used.xbel
[2013/10/19 08:22:31 | 000,011,600 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2013/10/05 13:33:41 | 000,054,552 | ---- | C] () -- C:\Windows\System32\k19hinst.dll
[2013/10/01 08:11:40 | 000,008,791 | ---- | C] () -- C:\Windows\wininit.ini
[2013/09/07 07:03:56 | 000,000,248 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2013/09/07 07:03:56 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2013/09/07 07:00:30 | 000,002,944 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2013/09/07 06:59:41 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2013/09/07 06:59:41 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2013/09/07 06:59:35 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2013/09/07 06:59:30 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2013/07/20 01:06:17 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2013/07/20 01:06:17 | 000,000,088 | RHS- | C] () -- C:\ProgramData\BC0189C886.sys
[2013/07/19 20:27:15 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/07/19 20:27:15 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/07/19 20:27:15 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/07/19 18:55:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/09/01 11:56:31 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Autodesk
[2013/12/07 09:29:25 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Bitstream
[2013/09/07 07:17:03 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\ControlCenter4
[2013/12/18 10:58:39 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\ImgBurn
[2013/09/05 02:11:40 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\inkscape
[2013/10/05 13:33:46 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Leadertech
[2013/09/09 06:25:28 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Nuance
[2013/09/03 19:14:16 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Sierra Wireless
[2013/07/19 23:32:29 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\SumatraPDF
[2013/07/19 23:31:19 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\TeraCopy
[2013/12/26 12:49:55 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\uTorrent
[2013/12/26 12:48:15 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\VDownloader
[2013/09/09 06:25:32 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Zeon
[2013/10/07 06:54:39 | 000,000,000 | ---D | M] -- C:\Users\JJAM\AppData\Roaming\ControlCenter4
[2013/10/07 23:20:17 | 000,000,000 | ---D | M] -- C:\Users\JJAM\AppData\Roaming\Sierra Wireless

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 1/29/2014 1:33:39 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = G:\
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 65.68% Memory free
6.00 Gb Paging File | 4.79 Gb Available in Paging File | 79.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.83 Gb Total Space | 147.62 Gb Free Space | 66.85% Space Free | Partition Type: NTFS
Drive D: | 11.96 Gb Total Space | 5.13 Gb Free Space | 42.94% Space Free | Partition Type: NTFS
Drive G: | 960.81 Mb Total Space | 952.93 Mb Free Space | 99.18% Space Free | Partition Type: FAT32

Computer Name: JASON-PC2 | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1489219213-3380654759-245415699-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program files\Rogers\Rogers Connection Manager\TRUUpdater.exe" = C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater -- (Sierra Wireless, Inc.)
"C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMuxX.exe" = C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMuxX.exe:*:Enabled:SwiApiMuxX
"C:\Program files\Rogers\Rogers Connection Manager\SwiApiMuxX.exe" = C:\Program files\Rogers\Rogers Connection Manager\SwiApiMuxX.exe:*:Enabled:SwiApiMuxX


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6DF763DC-7132-43A1-A36C-75F654DD1C3B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F0753F-ED10-40C0-8CC9-C0BC32D5DA24}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{03BB923A-67B5-4755-93B9-74D8AD775D85}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{2B158424-1C6A-4C71-BD0D-3784A767D728}" = protocol=17 | dir=in | app=c:\users\jason\appdata\roaming\utorrent\utorrent.exe |
"{32E0616C-2FED-4DEF-A79E-827A338CD45B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{33D53D72-DB29-43F9-AD71-638C85E0E460}" = protocol=6 | dir=in | app=c:\users\jason\appdata\roaming\utorrent\utorrent.exe |
"{44DD0572-B240-4731-9C0C-5B0B95F2C93F}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{56A25997-F987-4843-8D62-566001B069AE}" = protocol=6 | dir=in | app=c:\programdata\esafe\egdpsvc.exe |
"{6AE1052A-F482-438E-AD34-E6235A90693F}" = dir=out | app=%programfiles%\corel\coreldraw graphics suite x4\programs\coreldrw.exe |
"{79069B45-390B-467C-8979-F74930289FCA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8856CF6B-C0DB-403D-B472-29F076C9E34F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9CCDE00D-AC49-4803-BC27-933BA3AC9ACA}" = dir=out | app=%programfiles%\corel\coreldraw graphics suite x4\programs\corelpp.exe |
"{A1DBFA41-64F7-404B-8B35-35D824DC2773}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{F5988DCE-32BF-4F60-AD25-70E9AB985FB1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW® Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}" = Brother MFL-Pro Suite MFC-J6910DW
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{2E97DE76-851A-48AA-A0D6-665860FAD9CA}" = Keyspan USB Serial Adapter
"{38764777-9FDB-35BC-A8DB-FA324E5EAC4A}" = Google Chrome
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{56D4499E-AC3E-4B8D-91C9-C700C148C44B}" = Google Drive
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.9.1627
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications ® Core - English
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C197BC08-3D82-4651-8886-E68C21578A38}" = iTunes
"{C295E308-5238-4157-962C-FDBF090ECC7E}" = Rogers Connection Manager
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW® Graphics Suite X4 - Windows Shell Extension
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications ® Core
"1ClickDownload" = TornTV
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GIMP-2_is1" = GIMP 2.8.6
"ImgBurn" = ImgBurn
"Inkscape" = Inkscape 0.48.4
"Kinnetic FX" = Kinnetic FX 1.14
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SumatraPDF" = SumatraPDF
"TeraCopy_is1" = TeraCopy 2.27
"VLC media player" = VLC media player 2.0.7
"WinPcapInst" = WinPcap 4.1.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1489219213-3380654759-245415699-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/11/2014 11:47:57 AM | Computer Name = Jason-PC2 | Source = WinMgmt | ID = 10
Description =

Error - 1/13/2014 2:19:04 PM | Computer Name = Jason-PC2 | Source = WinMgmt | ID = 10
Description =

Error - 1/15/2014 1:47:54 PM | Computer Name = Jason-PC2 | Source = WinMgmt | ID = 10
Description =

Error - 1/15/2014 4:07:25 PM | Computer Name = Jason-PC2 | Source = WinMgmt | ID = 10
Description =

Error - 1/15/2014 4:39:18 PM | Computer Name = Jason-PC2 | Source = WinMgmt | ID = 10
Description =

Error - 1/19/2014 12:58:53 PM | Computer Name = Jason-PC2 | Source = Application Error | ID = 1000
Description = Faulting application name: TRUUpdater.exe, version: 11.4.1111.0, time
stamp: 0x4eb334a7 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0x428 Faulting application
start time: 0x01cf1232cbd0d038 Faulting application path: C:\Program Files\Sierra
Wireless Inc\WebUpdater\TRUUpdater.exe Faulting module path: unknown Report Id: f98f1f60-812a-11e3-9580-00a0d5ffffae

Error - 1/23/2014 4:03:31 PM | Computer Name = Jason-PC2 | Source = WinMgmt | ID = 10
Description =

Error - 1/23/2014 9:00:05 PM | Computer Name = Jason-PC2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/23/2014 9:00:05 PM | Computer Name = Jason-PC2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15600

Error - 1/23/2014 9:00:05 PM | Computer Name = Jason-PC2 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15600

[ Spybot - Search and Destroy Events ]
Error - 12/26/2013 4:51:18 PM | Computer Name = Jason-PC2 | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 12/29/2013 12:56:22 PM | Computer Name = Jason-PC2 | Source = Service Control Manager | ID = 7000
Description = The WinHTTP Web Proxy Auto-Discovery Service service failed to start
due to the following error: %%1053

Error - 12/29/2013 12:57:05 PM | Computer Name = Jason-PC2 | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WinHttpAutoProxySvc service.

Error - 12/29/2013 12:57:05 PM | Computer Name = Jason-PC2 | Source = Service Control Manager | ID = 7000
Description = The WinHTTP Web Proxy Auto-Discovery Service service failed to start
due to the following error: %%1053

Error - 12/29/2013 12:57:38 PM | Computer Name = Jason-PC2 | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WinHttpAutoProxySvc service.

Error - 12/29/2013 12:57:38 PM | Computer Name = Jason-PC2 | Source = Service Control Manager | ID = 7000
Description = The WinHTTP Web Proxy Auto-Discovery Service service failed to start
due to the following error: %%1053

Error - 1/7/2014 2:30:25 PM | Computer Name = Jason-PC2 | Source = DCOM | ID = 10010
Description =

Error - 1/8/2014 12:09:57 PM | Computer Name = Jason-PC2 | Source = DCOM | ID = 10010
Description =

Error - 1/10/2014 9:18:27 PM | Computer Name = Jason-PC2 | Source = DCOM | ID = 10010
Description =

Error - 1/15/2014 4:31:53 PM | Computer Name = Jason-PC2 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.

Error - 1/15/2014 4:31:54 PM | Computer Name = Jason-PC2 | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.


< End of report >

# AdwCleaner v3.017 - Report created 29/01/2014 at 01:44:35
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Jason - JASON-PC2
# Running from : G:\AdwCleaner (1).exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
File Found : C:\Windows\System32\Tasks\MySearchDial
File Found : C:\Windows\Tasks\MySearchDial.job
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\KeyBar_1.8
Folder Found C:\Program Files\Mobogenie
Folder Found C:\Program Files\Searchprotect
Folder Found C:\Program Files\TornTV.com
Folder Found C:\Program Files\Vafmusic2
Folder Found C:\ProgramData\Conduit
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\otshot
Folder Found C:\Users\Jason\AppData\Local\genienext
Folder Found C:\Users\Jason\AppData\Local\Mobogenie
Folder Found C:\Users\Jason\AppData\LocalLow\Conduit
Folder Found C:\Users\Jason\AppData\LocalLow\KeyBar_1.8
Folder Found C:\Users\Jason\AppData\LocalLow\PriceGong
Folder Found C:\Users\Jason\AppData\LocalLow\Vafmusic2
Folder Found C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Found C:\Users\Jason\Documents\Mobogenie
Folder Found C:\Users\JJAM\AppData\LocalLow\Vafmusic2

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\KeyBar_1.8
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\Vafmusic2
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\FLEXnet
Key Found : HKCU\Software\installedbrowserextensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AACF7D0F-FF0C-4849-A7CE-33374F35BFD8}
Key Found : HKCU\Software\Pokki
Key Found : HKCU\Software\SearchProtect
Key Found : HKCU\Software\Vafmusic2
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AACF7D0F-FF0C-4849-A7CE-33374F35BFD8}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3294791
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Found : HKLM\Software\hdcode
Key Found : HKLM\Software\InstallCore
Key Found : HKLM\Software\KeyBar_1.8
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21CCBA82-8D71-40F0-A003-E5657FFBEE94}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33F67ACD-DA08-40DD-9D1F-B492D5122D35}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8F90F6DC-952B-4ECD-8E80-767DFF192A5E}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F2417B40-BB85-4244-BA17-DCD81740B65E}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updateSaltarSmart_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updateSaltarSmart_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\BackgroundContainer Startup Task
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Desk 365 RunAsStdUser
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\MySearchDial
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51A39C53-9A33-4888-88A5-6E94085612C8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51A39C53-9A33-4888-88A5-6E94085612C8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAD5A635-BAE5-4B0E-8098-8E0B584DF47B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4436EC1-C086-4815-9DCC-F32D482BE21C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4436EC1-C086-4815-9DCC-F32D482BE21C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AACF7D0F-FF0C-4849-A7CE-33374F35BFD8}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KeyBar_1.8 Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vafmusic2 Toolbar
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\Vafmusic2
Key Found : HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\Update SaltarSmart
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://start.mysearchdial.com/?f=2&a=irmsd1202&cd=2XzuyEtN2Y1L1QzutDtD0AtD0DyD0F0F0F0F0A0EyCzzyDyDtN0D0Tzu0CyBtByCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1537722089&ir=

-\\ Google Chrome v32.0.1700.76

[ File : C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\JJAM\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [7596 octets] - [29/01/2014 01:44:35]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7656 octets] ##########

Eset scanner

C:\Program Files\KeyBar_1.8\ldrtbKeyB.dll a variant of Win32/Toolbar.Conduit.P application
C:\Program Files\KeyBar_1.8\tbKeyB.dll a variant of Win32/Toolbar.Conduit.B application
C:\Program Files\Mobogenie\nengine.dll Win32/NextLive.A application
C:\Program Files\Vafmusic2\ldrtbVafm.dll a variant of Win32/Toolbar.Conduit.P application
C:\Program Files\Vafmusic2\tbVafm.dll a variant of Win32/Toolbar.Conduit.B application
C:\Users\Jason\AppData\Local\genienext\nengine.dll Win32/NextLive.A application
C:\Users\Jason\AppData\LocalLow\KeyBar_1.8\ldrtbKeyB.dll a variant of Win32/Toolbar.Conduit.P application
C:\Users\Jason\AppData\LocalLow\KeyBar_1.8\tbKeyB.dll a variant of Win32/Toolbar.Conduit.B application
C:\Users\Jason\AppData\LocalLow\KeyBar_1.8\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll a variant of Win32/PriceGong.A application
C:\Users\Jason\AppData\LocalLow\Vafmusic2\ldrtbVafm.dll a variant of Win32/Toolbar.Conduit.P application
C:\Users\Jason\AppData\LocalLow\Vafmusic2\tbVafm.dll a variant of Win32/Toolbar.Conduit.B application
C:\Users\Jason\AppData\LocalLow\Vafmusic2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll a variant of Win32/PriceGong.A application
C:\Users\Jason\Downloads\AA_v3.exe a variant of Win32/RemoteAdmin.Ammyy.B application
C:\Windows\System32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D application
D:\Windows\System32\autochk.exe a variant of Win32/CompuTrace.A application

Edited by jjam04, 29 January 2014 - 05:05 AM.

  • 0


#2
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello Jason, :wave: Welcome to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT: Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

I am analyzing your logs now. Please tell me what issues you are having.
  • 1

#3
jjam04

I am having issues with popups when I click onto some windows, and I am getting links on words that don't have links, and I am really concerned about whatever the scammers did to my computer. They said that I really need to restart my computer to make the fix work, but I have not restarted my computer since then.

Thank you Godawgs.

PS. Your Kitten is rockin out hardcore :lol:
  • 0

#4
godawgs

Thanks for the info. Yeah, just the other day I had one of those scammers call me. He was trying to get me to enter a web site into my browser and click on it so that they could clean my infected computer. Is that basically what happened here?

Let's see what we can do. I don't see an antivirus program on this computer. After we have done some cleaning on it we will get an AV installed. Until then I would advise that you disconnect this computer from the internet and reconnect it only to come here to get my instructions and reply to them. It shouldn't take long before you can reconnect it for good.

There is quite a bit to do here so it will be helpful to print these instructions or save them to a text file so you will have them. It might also be helpful to download all of the tools you will need and then close the browser.

The first thing we need to do is move the OTL program to the desktop of the drive with Windows on it. In this case the C:\ drive. OTL is designed to be run from the desktop of the drive with Windows on it.


Step-1.

Please click the OTL icon on the G:\ drive and click Copy.
Then open the desktop on your computer. That should be on the C:\ drive.
Right click on an open area of the desktop and click Paste. That should put OTL on your desktop.


Step-2.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (do not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
PRC - [2014/01/23 16:11:07 | 000,739,608 | ---- | M] () -- C:\Users\Jason\Downloads\AA_v3.exe
IE - HKLM\..\SearchScopes,DefaultScope = {B24864FB-99FC-4028-89CF-186CD37D2CF7}
IE - HKU\S-1-5-21-1489219213-3380654759-245415699-1000\..\SearchScopes,DefaultScope = {B24864FB-99FC-4028-89CF-186CD37D2CF7}
IE - HKU\S-1-5-21-1489219213-3380654759-245415699-1000\..\SearchScopes\{8B665307-47CE-44A5-88B3-67D7B300AD97}: "URL" = http://search.condui...3285981338&UM=2
IE - HKU\S-1-5-21-1489219213-3380654759-245415699-1000\..\SearchScopes\{B24864FB-99FC-4028-89CF-186CD37D2CF7}: "URL" = http://search.condui...3637483189&UM=2
IE - HKU\S-1-5-21-1489219213-3380654759-245415699-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmilhmcinpmpohfoiccaplbhgelbnim\1.26.48_0
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe File not found
O4 - HKLM..\Run: [VDownloader] C:\Program Files\VDownloader\VDownloader.exe (Vitzo)
O4 - HKU\S-1-5-21-1489219213-3380654759-245415699-1000..\Run: [OutfoxTV] C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe File not found
O4 - HKLM..\RunOnce: [123_16278002084663] C:\Users\Jason\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp_r.bat ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{1866b84e-19db-11e3-9cca-001f3bab84fb}\Shell - "" = AutoRun
O33 - MountPoints2\{1866b84e-19db-11e3-9cca-001f3bab84fb}\Shell\AutoRun\command - "" = I:\HPLauncher.exe
O33 - MountPoints2\{5d181d86-1505-11e3-9561-001fe1fe84f7}\Shell - "" = AutoRun
O33 - MountPoints2\{5d181d86-1505-11e3-9561-001fe1fe84f7}\Shell\AutoRun\command - "" = G:\WIN\setup.exe -ap
O33 - MountPoints2\{a70fe50e-6e70-11e3-a3cf-001f3bab84fb}\Shell - "" = AutoRun
O33 - MountPoints2\{a70fe50e-6e70-11e3-a3cf-001f3bab84fb}\Shell\AutoRun\command - "" = G:\WIN\setup.exe -ap
O33 - MountPoints2\{d2b1e541-2a9e-11e3-b64d-001f3bab84fb}\Shell - "" = AutoRun
O33 - MountPoints2\{d2b1e541-2a9e-11e3-b64d-001f3bab84fb}\Shell\AutoRun\command - "" = I:\HPLauncher.exe
[2014/01/23 16:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AMMYY
[2014/01/29 01:36:00 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\MySearchDial.job
[2014/01/14 10:41:51 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2014/01/14 10:41:50 | 000,000,088 | RHS- | M] () -- C:\ProgramData\BC0189C886.sys

:REG
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{56A25997-F987-4843-8D62-566001B069AE}" = -

:FILES
C:\Program Files\Mobogenie
C:\Program Files\VDownloader
C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmilhmcinpmpohfoiccaplbhgelbnim\1.26.48_0
ipconfig /flushdns /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state ON /c

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-3.

We need to move the AdwCleaner program from the G:\ drive to the desktop. Please repeat step 2 to copy the AdwCleaner program to the desktop.

NEXT:

Re-run AdwCleaner

Close all open windows and browsers.

  • Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt

Step-4.

Scan with JRT:

Please download Junkware Removal Tool to your desktop.

NOTE: Temporarily shut down your protection software now to avoid potential conflicts; how to do so can be read here.

  • Right click the JRT icon and click Run as Administrator to run the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
NOTE: Reboot the machine and ensure that all security software is now enabled.


Step-5.

Run OTL again and click the Posted Image button. Post the log it produces in your next reply.


Step-6.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The OTL fixes log
2. The AdwCleaner[S0].txt log
3. The JRT.txt log
4. The new OTL.txt log
  • 0
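Added example, not part of the posts above and not OTL's own code: a small Python triage of the kind of report that Step-2 asks to be posted back, grouping each line by section and outcome and listing the items the fix script named that were not found. The sample lines are assembled for this example in the format of an OTL 3.2.69.0 fix report; the outcome labels and the choice of which outcomes deserve a follow-up look are assumptions of this example.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Sample assembled for this example, in the format of an OTL 3.2.69.0 fix report.
SAMPLE_REPORT = r"""All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named AA_v3.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VDownloader deleted successfully.
C:\Program Files\VDownloader\VDownloader.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
File I:\HPLauncher.exe not found.
C:\ProgramData\AMMYY folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{56A25997-F987-4843-8D62-566001B069AE} deleted successfully.
========== FILES ==========
C:\Program Files\Mobogenie folder moved successfully.
< netsh advfirewall reset /c >
Ok.
"""

# "========== OTL ==========" style section banners.
HEADER = re.compile(r"^=+ (.+?) =+$")

# Ordered from most to least specific; group(1) is always the affected item.
# The outcome labels are this example's own naming, not OTL terminology.
PATTERNS = [
    (re.compile(r"^No active process named (.+) was found!$"), "process_absent"),
    (re.compile(r"^Registry (?:key|value) (.+) deleted successfully\.$"), "reg_deleted"),
    (re.compile(r"^Registry (?:key|value) (.+) not found\.$"), "reg_not_found"),
    (re.compile(r"^File (.+) not found\.$"), "file_not_found"),
    (re.compile(r"^(.+?)\| /E : value set successfully!$"), "value_set"),
    (re.compile(r"^(.+?)(?: folder)? moved successfully\.$"), "moved"),
    (re.compile(r"^(.+) deleted successfully\.$"), "deleted"),
    (re.compile(r"^< (.+) >$"), "command"),
]

# Assumption of this example: a process or file the script named but the
# report could not find is worth a second look; registry "not found" lines
# are treated as informational.
FOLLOW_UP = {"process_absent", "file_not_found"}


@dataclass(frozen=True)
class Entry:
    section: str
    outcome: str
    target: str


def parse_report(text):
    """Turn a fix report into Entry records, one per non-blank line."""
    section = "PREAMBLE"  # lines that appear before the first banner
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            section = header.group(1)
            continue
        for pattern, outcome in PATTERNS:
            match = pattern.match(line)
            if match:
                entries.append(Entry(section, outcome, match.group(1)))
                break
        else:
            # Keep unrecognised lines so nothing is silently dropped.
            entries.append(Entry(section, "other", line))
    return entries


def summarize(entries):
    """Count outcomes per report section."""
    summary = defaultdict(Counter)
    for entry in entries:
        summary[entry.section][entry.outcome] += 1
    return dict(summary)


def follow_up(entries):
    """Items the report says were not found, in report order."""
    return [e.target for e in entries if e.outcome in FOLLOW_UP]


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for name, counts in summarize(parsed).items():
        print(name, dict(counts))
    print("follow up:", follow_up(parsed))
```

To use it on a real report, pass the text of the log saved under C:\_OTL\MovedFiles\ to parse_report instead of SAMPLE_REPORT.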

#5
jjam04

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
No active process named AA_v3.exe was found!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-1489219213-3380654759-245415699-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1489219213-3380654759-245415699-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8B665307-47CE-44A5-88B3-67D7B300AD97}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B665307-47CE-44A5-88B3-67D7B300AD97}\ not found.
Registry key HKEY_USERS\S-1-5-21-1489219213-3380654759-245415699-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B24864FB-99FC-4028-89CF-186CD37D2CF7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B24864FB-99FC-4028-89CF-186CD37D2CF7}\ not found.
HKU\S-1-5-21-1489219213-3380654759-245415699-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VDownloader deleted successfully.
C:\Program Files\VDownloader\VDownloader.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1489219213-3380654759-245415699-1000\Software\Microsoft\Windows\CurrentVersion\Run\\OutfoxTV deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\123_16278002084663 deleted successfully.
C:\Users\Jason\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp_r.bat moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1866b84e-19db-11e3-9cca-001f3bab84fb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1866b84e-19db-11e3-9cca-001f3bab84fb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1866b84e-19db-11e3-9cca-001f3bab84fb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1866b84e-19db-11e3-9cca-001f3bab84fb}\ not found.
File I:\HPLauncher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d181d86-1505-11e3-9561-001fe1fe84f7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d181d86-1505-11e3-9561-001fe1fe84f7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d181d86-1505-11e3-9561-001fe1fe84f7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d181d86-1505-11e3-9561-001fe1fe84f7}\ not found.
File G:\WIN\setup.exe -ap not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a70fe50e-6e70-11e3-a3cf-001f3bab84fb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a70fe50e-6e70-11e3-a3cf-001f3bab84fb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a70fe50e-6e70-11e3-a3cf-001f3bab84fb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a70fe50e-6e70-11e3-a3cf-001f3bab84fb}\ not found.
File G:\WIN\setup.exe -ap not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2b1e541-2a9e-11e3-b64d-001f3bab84fb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2b1e541-2a9e-11e3-b64d-001f3bab84fb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2b1e541-2a9e-11e3-b64d-001f3bab84fb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2b1e541-2a9e-11e3-b64d-001f3bab84fb}\ not found.
File I:\HPLauncher.exe not found.
C:\ProgramData\AMMYY folder moved successfully.
C:\Windows\Tasks\MySearchDial.job moved successfully.
C:\ProgramData\KGyGaAvL.sys moved successfully.
C:\ProgramData\BC0189C886.sys moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{56A25997-F987-4843-8D62-566001B069AE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56A25997-F987-4843-8D62-566001B069AE}\ not found.
========== FILES ==========
C:\Program Files\Mobogenie folder moved successfully.
C:\Program Files\VDownloader\zh-CHS folder moved successfully.
C:\Program Files\VDownloader\VDownloader_Secure folder moved successfully.
C:\Program Files\VDownloader\tr folder moved successfully.
C:\Program Files\VDownloader\sr-Cyrl-CS folder moved successfully.
C:\Program Files\VDownloader\sr folder moved successfully.
C:\Program Files\VDownloader\ru folder moved successfully.
C:\Program Files\VDownloader\pt-BR folder moved successfully.
C:\Program Files\VDownloader\pl folder moved successfully.
C:\Program Files\VDownloader\nl folder moved successfully.
C:\Program Files\VDownloader\ko folder moved successfully.
C:\Program Files\VDownloader\ja folder moved successfully.
C:\Program Files\VDownloader\it folder moved successfully.
C:\Program Files\VDownloader\hu folder moved successfully.
C:\Program Files\VDownloader\fr folder moved successfully.
C:\Program Files\VDownloader\es folder moved successfully.
C:\Program Files\VDownloader\de folder moved successfully.
C:\Program Files\VDownloader\ar folder moved successfully.
C:\Program Files\VDownloader\Addons\FireFox\chrome\content folder moved successfully.
C:\Program Files\VDownloader\Addons\FireFox\chrome folder moved successfully.
C:\Program Files\VDownloader\Addons\FireFox folder moved successfully.
C:\Program Files\VDownloader\Addons\Chrome folder moved successfully.
C:\Program Files\VDownloader\Addons folder moved successfully.
C:\Program Files\VDownloader folder moved successfully.
C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmilhmcinpmpohfoiccaplbhgelbnim\1.26.48_0\js\lib\popupResource folder moved successfully.
C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmilhmcinpmpohfoiccaplbhgelbnim\1.26.48_0\js\lib folder moved successfully.
C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmilhmcinpmpohfoiccaplbhgelbnim\1.26.48_0\js\api folder moved successfully.
C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmilhmcinpmpohfoiccaplbhgelbnim\1.26.48_0\js folder moved successfully.
C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmilhmcinpmpohfoiccaplbhgelbnim\1.26.48_0\icons\actions folder moved successfully.
C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmilhmcinpmpohfoiccaplbhgelbnim\1.26.48_0\icons folder moved successfully.
C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmilhmcinpmpohfoiccaplbhgelbnim\1.26.48_0\extensionData\userCode folder moved successfully.
C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmilhmcinpmpohfoiccaplbhgelbnim\1.26.48_0\extensionData\plugins folder moved successfully.
C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmilhmcinpmpohfoiccaplbhgelbnim\1.26.48_0\extensionData folder moved successfully.
C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmilhmcinpmpohfoiccaplbhgelbnim\1.26.48_0 folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jason\Desktop\godawgs\cmd.bat deleted successfully.
C:\Users\Jason\Desktop\godawgs\cmd.txt deleted successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Jason\Desktop\godawgs\cmd.bat deleted successfully.
C:\Users\Jason\Desktop\godawgs\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state ON /c >
Ok.
C:\Users\Jason\Desktop\godawgs\cmd.bat deleted successfully.
C:\Users\Jason\Desktop\godawgs\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jason
->Temp folder emptied: 33283836 bytes
->Temporary Internet Files folder emptied: 92306074 bytes
->Java cache emptied: 2239218 bytes
->Google Chrome cache emptied: 455598868 bytes
->Flash cache emptied: 492 bytes

User: JJAM
->Temp folder emptied: 2375257 bytes
->Temporary Internet Files folder emptied: 23671 bytes
->Google Chrome cache emptied: 819568 bytes
->Flash cache emptied: 492 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21922824 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 580.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01302014_182033

Files\Folders moved on Reboot...
C:\Users\Jason\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


# AdwCleaner v3.017 - Report created 30/01/2014 at 18:36:46
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Jason - JASON-PC2
# Running from : C:\Users\Jason\Desktop\godawgs\AdwCleaner (1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\otshot
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Searchprotect
Folder Deleted : C:\Program Files\TornTV.com
Folder Deleted : C:\Program Files\KeyBar_1.8
Folder Deleted : C:\Program Files\Vafmusic2
Folder Deleted : C:\Users\Jason\AppData\Local\genienext
Folder Deleted : C:\Users\Jason\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Jason\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jason\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Jason\AppData\LocalLow\KeyBar_1.8
Folder Deleted : C:\Users\Jason\AppData\LocalLow\Vafmusic2
Folder Deleted : C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Folder Deleted : C:\Users\Jason\Documents\Mobogenie
Folder Deleted : C:\Users\JJAM\AppData\LocalLow\Vafmusic2
File Deleted : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
File Deleted : C:\Windows\System32\Tasks\MySearchDial

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B4436EC1-C086-4815-9DCC-F32D482BE21C}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4436EC1-C086-4815-9DCC-F32D482BE21C}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{51A39C53-9A33-4888-88A5-6E94085612C8}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51A39C53-9A33-4888-88A5-6E94085612C8}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AAD5A635-BAE5-4B0E-8098-8E0B584DF47B}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAD5A635-BAE5-4B0E-8098-8E0B584DF47B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateSaltarSmart_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateSaltarSmart_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SYSTEM\CurrentControlSet\services\eventlog\Application\Update SaltarSmart
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3294791
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AACF7D0F-FF0C-4849-A7CE-33374F35BFD8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AACF7D0F-FF0C-4849-A7CE-33374F35BFD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AACF7D0F-FF0C-4849-A7CE-33374F35BFD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21CCBA82-8D71-40F0-A003-E5657FFBEE94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F2417B40-BB85-4244-BA17-DCD81740B65E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33F67ACD-DA08-40DD-9D1F-B492D5122D35}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8F90F6DC-952B-4ECD-8E80-767DFF192A5E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\FLEXnet
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\Vafmusic2
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\KeyBar_1.8
Key Deleted : HKCU\Software\AppDataLow\Software\Vafmusic2
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\hdcode
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\KeyBar_1.8
Key Deleted : HKLM\Software\Vafmusic2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KeyBar_1.8 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vafmusic2 Toolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Google Chrome v32.0.1700.102

[ File : C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\JJAM\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [7736 octets] - [29/01/2014 01:44:35]
AdwCleaner[R1].txt - [7650 octets] - [30/01/2014 18:35:29]
AdwCleaner[S0].txt - [7416 octets] - [30/01/2014 18:36:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7476 octets] ##########



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Professional x86
Ran by Jason on Thu 01/30/2014 at 19:46:22.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasmancs



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/30/2014 at 19:49:12.41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL logfile created on: 1/30/2014 7:52:56 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jason\Desktop\godawgs
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 70.78% Memory free
6.00 Gb Paging File | 5.03 Gb Available in Paging File | 83.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.83 Gb Total Space | 148.58 Gb Free Space | 67.28% Space Free | Partition Type: NTFS
Drive D: | 11.96 Gb Total Space | 5.13 Gb Free Space | 42.94% Space Free | Partition Type: NTFS
Drive G: | 960.81 Mb Total Space | 952.83 Mb Free Space | 99.17% Space Free | Partition Type: FAT32

Computer Name: JASON-PC2 | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/19 15:27:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jason\Desktop\godawgs\OTL.exe
PRC - [2013/08/09 19:02:12 | 001,678,040 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\BtwRSupportService.exe
PRC - [2013/05/16 09:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/16 09:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 09:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/15 12:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/22 19:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/11/03 16:41:16 | 000,329,072 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
PRC - [2011/11/03 15:47:36 | 000,243,056 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe
PRC - [2011/08/04 12:37:56 | 000,140,656 | ---- | M] (Sierra Wireless Inc.) -- C:\Program Files\Rogers\Rogers Connection Manager\WaHelper.exe
PRC - [2011/06/16 13:40:20 | 000,167,280 | ---- | M] (Sierra Wireless, Inc.) -- C:\Program Files\Sierra Wireless Inc\IERA\IERA.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/10/28 14:26:44 | 001,196,032 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCcUxSys.exe
PRC - [2010/10/28 14:21:56 | 000,331,776 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\ControlCenter4\BrCtrlCntr.exe
PRC - [2010/06/10 12:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/03/08 23:42:02 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\pptd40nt.exe
PRC - [2010/03/08 23:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
PRC - [2010/03/05 19:11:30 | 000,636,192 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
PRC - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009/06/25 21:48:44 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/06/25 21:48:16 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/05/05 15:06:06 | 000,222,496 | ---- | M] (Acresso Corporation) -- C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/16 09:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013/05/16 09:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 09:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013/04/21 20:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 20:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/11/03 16:39:14 | 000,251,248 | ---- | M] () -- C:\Program Files\Sierra Wireless Inc\WebUpdater\WebUpdtAPI.dll
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/12/11 02:08:35 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/09 19:02:12 | 001,678,040 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Windows\System32\BtwRSupportService.exe -- (BcmBtRSupport)
SRV - [2013/07/19 19:46:21 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/05/26 21:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/11/03 15:47:36 | 000,243,056 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files\Sierra Wireless Inc\Common\SwiCardDetect.exe -- (SwiCardDetectSvc)
SRV - [2011/06/16 13:40:20 | 000,167,280 | ---- | M] (Sierra Wireless, Inc.) [Auto | Running] -- C:\Program Files\Sierra Wireless Inc\IERA\IERA.exe -- (IERA)
SRV - [2010/03/08 23:40:36 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe -- (PDFProFiltSrvPP)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/06/25 21:48:16 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/04/29 02:21:04 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmci.sys -- (vmci)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SWUMX20)
DRV - [2013/08/09 19:02:12 | 000,174,936 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcbtums.sys -- (bcbtums)
DRV - [2013/04/04 13:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/23 07:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 07:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/08/23 07:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011/05/28 11:45:08 | 000,237,568 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8ua3.sys -- (SWNC8UA3)
DRV - [2011/05/16 11:44:17 | 000,083,968 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swiwdmbx.sys -- (swiwdmbx)
DRV - [2011/05/13 13:53:00 | 000,215,552 | ---- | M] (Sierra Wireless Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swg3kser00.sys -- (swg3kser00)
DRV - [2010/11/20 14:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 14:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010/11/20 14:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 14:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 14:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 14:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 14:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/01/26 19:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009/11/02 20:06:12 | 000,011,520 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV - [2009/11/02 20:06:11 | 000,071,424 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2009/07/13 15:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/06/25 22:23:46 | 004,993,536 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/04/29 02:20:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2007/10/30 11:41:44 | 000,704,000 | ---- | M] (Keyspan) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USA19H2k.sys -- (USA19H)
DRV - [2007/05/29 15:32:56 | 000,024,192 | ---- | M] (Keyspan) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USA19H2kp.sys -- (USA19H2KP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1489219213-3380654759-245415699-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKU\S-1-5-21-1489219213-3380654759-245415699-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1489219213-3380654759-245415699-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1489219213-3380654759-245415699-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-1489219213-3380654759-245415699-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1489219213-3380654759-245415699-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\32.0.1700.102\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: FVD Downloader = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.6_0\
CHR - Extension: FVD Downloader = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.6_0\modules\clickberry\_
CHR - Extension: Google Wallet = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/01/12 00:42:35 | 000,450,639 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 15467 more lines...
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDFHook] C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [TRUUpdater] C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.)
O4 - HKLM..\Run: [WatcherHelper] C:\Program files\Rogers\Rogers Connection Manager\WaHelper.exe (Sierra Wireless Inc.)
O4 - HKU\S-1-5-21-1489219213-3380654759-245415699-1000..\Run: [ISUSPM] -scheduler File not found
O4 - HKU\S-1-5-21-1489219213-3380654759-245415699-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Open with PDF Viewer Plus - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{193DFE1A-DF8D-4F13-946A-02E995EE8D15}: NameServer = 64.71.255.254 64.71.255.253
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F98AD727-C608-44D1-A4B7-1DAA6AC6CDBC}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/01 11:52:22 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/30 19:46:17 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/30 18:20:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/30 18:18:51 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\godawgs
[2014/01/29 03:40:10 | 000,000,000 | ---D | C] -- C:\Users\Jason\Desktop\fix
[2014/01/29 02:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2014/01/29 01:44:20 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/23 16:18:43 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\LogMeIn Rescue Applet
[2014/01/19 12:21:44 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Sony Vaio PCG-C1X
[2014/01/14 12:03:30 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Otafest 2009
[2014/01/10 14:26:45 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\3D printer
[2014/01/08 00:29:38 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\67 Mustang
[2014/01/06 12:18:53 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Volt
[2014/01/06 11:16:18 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\vw xl1
[2014/01/06 11:01:59 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Audi
[2014/01/06 10:51:14 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Road Warrior
[2014/01/05 17:03:02 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\EPS Patrol Cars
[2014/01/05 16:33:49 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\line art cars
[2014/01/05 16:11:10 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Dark Star Games
[2014/01/05 16:07:08 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\crown Vicy
[2014/01/05 15:39:22 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Chev
[2014/01/03 20:46:45 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Ford customs
[2014/01/03 20:44:26 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Old Hwy trucks
[2014/01/03 20:20:18 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Knott's Berry Farm

========== Files - Modified Within 30 Days ==========

[2014/01/30 19:45:48 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/30 19:25:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/30 19:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/30 18:46:32 | 000,021,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/30 18:46:32 | 000,021,904 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/30 18:45:50 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/01/30 18:45:50 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/01/30 18:39:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/30 18:39:12 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/12 00:42:35 | 000,450,639 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/01/12 00:42:09 | 000,450,639 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140112-004235.backup
[2014/01/12 00:41:46 | 000,450,639 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20140112-004209.backup

========== Files Created - No Company Name ==========

[2014/01/14 11:57:14 | 004,844,544 | ---- | C] () -- C:\Users\Jason\Documents\Sleepwalk-1.pps
[2014/01/14 11:57:14 | 002,831,872 | ---- | C] () -- C:\Users\Jason\Documents\OldAmerica.pps
[2013/12/26 12:47:55 | 000,444,283 | ---- | C] () -- C:\Program Files\Common Files\WinPcapNmap.exe
[2013/12/18 11:03:38 | 000,000,218 | ---- | C] () -- C:\Users\Jason\AppData\Local\recently-used.xbel
[2013/10/19 08:22:31 | 000,011,600 | ---- | C] () -- C:\Windows\System32\drivers\sfi.dat
[2013/10/05 13:33:41 | 000,054,552 | ---- | C] () -- C:\Windows\System32\k19hinst.dll
[2013/10/01 08:11:40 | 000,008,791 | ---- | C] () -- C:\Windows\wininit.ini
[2013/09/07 07:03:56 | 000,000,248 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2013/09/07 07:03:56 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2013/09/07 07:00:30 | 000,002,944 | ---- | C] () -- C:\Windows\BRPARAM.INI
[2013/09/07 06:59:41 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2013/09/07 06:59:41 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2013/09/07 06:59:35 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2013/09/07 06:59:30 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2013/07/19 20:27:15 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/07/19 20:27:15 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/07/19 20:27:15 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/07/19 18:55:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/09/01 11:56:31 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Autodesk
[2013/12/07 09:29:25 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Bitstream
[2013/09/07 07:17:03 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\ControlCenter4
[2013/12/18 10:58:39 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\ImgBurn
[2013/09/05 02:11:40 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\inkscape
[2013/10/05 13:33:46 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Leadertech
[2013/09/09 06:25:28 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Nuance
[2013/09/03 19:14:16 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Sierra Wireless
[2013/07/19 23:32:29 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\SumatraPDF
[2013/07/19 23:31:19 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\TeraCopy
[2013/12/26 12:49:55 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\uTorrent
[2013/12/26 12:48:15 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\VDownloader
[2013/09/09 06:25:32 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\Zeon
[2013/10/07 06:54:39 | 000,000,000 | ---D | M] -- C:\Users\JJAM\AppData\Roaming\ControlCenter4
[2013/10/07 23:20:17 | 000,000,000 | ---D | M] -- C:\Users\JJAM\AppData\Roaming\Sierra Wireless

========== Purity Check ==========



< End of report >
  • 0

#6
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
You have the following Peer-to-Peer program(s) installed:

uTorrent

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P (Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing. We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.

All programs, folders and files listed below in this color are optional removals, but if you uninstall the program(s) you must delete the folders and files in the corresponding colors. All programs in black are malware or viruses or out of date programs and must be deleted.

Step-1.

Uninstall Programs and Optional Removals


1. Please click the Start Orb, click Control Panel. Under the Programs or Programs and Features heading click Uninstall a program.
2. In the list of programs installed, locate the following program(s):

Java 7 Update 25
VDownloader 3.9.1627
TornTV
uTorrent


3. Right click each program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.


Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. Let me know how the uninstalls went. Also let me know if you uninstalled uTorrent so we can remove the bits it leaves behind.
2. Let me know if you are still getting the pop ups and how the computer is running now.
  • 0

#7
jjam04

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi godawgs,

I have uninstalled all of the programs that you have asked me to except TornTV; I could not find TornTV in the list.

As far as I can tell the popups are all gone, but I do see something that bothers me.
When my computer restarts I see another name on the list but I did not put it there, and I know that it is possible to have a hidden name and I am still worried about what the call center might have done.
  • 0

#8
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

When my computer restarts I see another name on the list but I did not put it there

You see another name on what list? Can you read the name? If so please tell me what it is.
  • 0

#9
jjam04

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
jjam
  • 0

#10
jjam04

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
jjam

It was giving me an error saying that I was posting too often, then it would not let me click into the text box.

Edited by jjam04, 01 February 2014 - 02:47 PM.

  • 0


#11
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Is it ok now?
  • 0

#12
jjam04

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Yes, it seems that I can post now.
  • 0

#13
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

When my computer restarts I see another name on the list but I did not put it there, and I know that it is possible to have a hidden name and I am still worried about what the call center might have done.

What is the name you see and what list are you talking about when the computer restarts?

Also, let me know if you uninstalled uTorrent so we can remove the bits it leaves behind.
  • 0

#14
jjam04

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hello,

I see the names Jason (me) and JJAM (not me), and it is when the computer starts up, before I see my desktop.

Yes, I have uninstalled uTorrent.
  • 0

#15
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Do you log into Windows with a password? If so, go into the Control Panel and under User Accounts and Family Safety try to remove the JJAM user and see if it will let you. But first create a restore point.


Make a Fresh Restore Point

  • Click the Start Orb. Click Control Panel. Click System and Maintenance
  • Click System
  • In the left column under Tasks, click Advanced System Settings and accept the warning if you get one
  • Click the System Protection Tab
  • Windows Vista: In the Available Disks box put a check mark in the box next to OS (?:) (System). Your drive letter will be shown in place of the ?
    Windows 7/8: In the Protection Settings section, make sure the protection for the System drive is ON. If it isn't, click the Configure button and turn it on.

    Note: It may take some time for the system to populate the Available Disks box, so be patient.
  • Click the Create button at the bottom
  • Type in a name for the restore point, i.e: Before removing JJAM
  • Click Create
  • A small System Protection window will come up telling you a Restore Point is being created.
  • Another System Protection window will come up telling you the Restore Point has been created, click OK
  • Click OK again.
  • Close the Control Panel

  • 0
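An added example, not part of the original thread and not OTL's own code: the Python below parses the `[timestamp | size | attributes | C/M] -- path` entries of an OTL log, records the earliest timestamp seen under each `C:\Users\<name>` profile, and compares it with the creation time of the `LogMeIn Rescue Applet` folder. Treating that folder as the marker of the remote session is an assumption; the sample lines are copied from the log posted above, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Entries copied from the OTL log posted earlier in this thread.
SAMPLE_LOG = r"""
[2014/01/23 16:18:43 | 000,000,000 | ---D | C] -- C:\Users\Jason\AppData\Local\LogMeIn Rescue Applet
[2014/01/19 12:21:44 | 000,000,000 | ---D | C] -- C:\Users\Jason\Documents\Sony Vaio PCG-C1X
[2013/12/18 11:03:38 | 000,000,218 | ---- | C] () -- C:\Users\Jason\AppData\Local\recently-used.xbel
[2013/07/19 23:31:19 | 000,000,000 | ---D | M] -- C:\Users\Jason\AppData\Roaming\TeraCopy
[2013/10/07 06:54:39 | 000,000,000 | ---D | M] -- C:\Users\JJAM\AppData\Roaming\ControlCenter4
[2013/10/07 23:20:17 | 000,000,000 | ---D | M] -- C:\Users\JJAM\AppData\Roaming\Sierra Wireless
[2014/01/30 18:39:12 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
"""

# [timestamp | size | attributes | C(reated) or M(odified)] (company) -- path
ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# First path component below <drive>:\Users is the profile name.
PROFILE = re.compile(r"^[A-Za-z]:\\Users\\([^\\]+)")


def parse_entries(text):
    """Return (timestamp, kind, path) for every file/folder entry in the log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S")
            entries.append((ts, m.group("kind"), m.group("path").strip()))
    return entries


def profile_first_seen(entries):
    """Map each profile name to the earliest timestamp recorded under it."""
    first = {}
    for ts, _kind, path in entries:
        m = PROFILE.match(path)
        if m:
            name = m.group(1)
            if name not in first or ts < first[name]:
                first[name] = ts
    return first


def session_marker(entries, needle):
    """Creation time of the earliest 'C' entry whose path contains needle."""
    hits = [ts for ts, kind, path in entries
            if kind == "C" and needle.lower() in path.lower()]
    return min(hits) if hits else None


def classify_profiles(text, needle="LogMeIn Rescue Applet"):
    """Label each profile 'before' or 'after' the assumed session marker."""
    entries = parse_entries(text)
    marker = session_marker(entries, needle)
    result = {}
    for name, first in profile_first_seen(entries).items():
        if marker is None:
            result[name] = "no marker"
        else:
            result[name] = "before" if first < marker else "after"
    return result


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print("marker:", session_marker(parsed, "LogMeIn Rescue Applet"))
    for name, first in sorted(profile_first_seen(parsed).items()):
        print(f"{name}: first seen {first}")
    print(classify_profiles(SAMPLE_LOG))
```

A profile labelled `before` has entries older than the marker folder, so it was on disk before that session. File timestamps can be changed, so the result is a lead to confirm in User Accounts rather than proof.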





